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Claims 



What is claimed is: 



1 


1. 


A method for preventing an outbreak of malicious code, comprising: 


2 


a) 


identifying malicious code at a local location on a network; 


3 


b) 


encrypting information relating to the malicious code at the local location; 


4 


c) 


sending the encrypted information relating to the malicious code to a plurality of 


5 




remote locations utilizing the network; and 


6 


d) 


blocking instances of the malicious code at the remote locations for a 


7 




predetermined amount of time based on the information; 


8 


e) 

J 


wherein the information is selected from the group consisting of a type, context, 


9 




protocol, severity, reporting server, and IP address associated with the malicious 


10 




code. 


1 
I 


9 
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2 




virus, worm, and Trojan. 


1 


3. 


The method as recited in claim 1, wherein the information relating to the 


2 




malicious code includes an identification of the source of the malicious code, 


3 




wherein communications originating at the identified source are denied access to 


4 




the remote locations for the predetermined amount of time. 


1 


4. 


The method as recited in claim 1, further comprising registering at least one of a 


2 




name and checksum of a file containing the malicious code as a known threat. 
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1 5. The method as recited in claim 1, further comprising executing countermeasures 

2 for limiting the effect of the malicious code at the local location. 

1 6. The method as recited in claim 1, wherein the instances of the malicious code 

2 are identified based on at least one of a file name and a checksum of the 

3 malicious code. 

1 7 . The method as recited in claim 1 , wherein additional information about the 

2 malicious code is retrieved if an aspect of the malicious code is not recognized. 

18. A computer program product for managing an outbreak of malicious code, 

2 comprising: 

3 a) computer code for identifying malicious code at a local location on a network; 

4 b) computer code for encrypting information relating to the malicious code at the 

5 local location; 

6 c) computer code for sending the encrypted information relating to the malicious 

7 code to a plurality of remote locations utilizing the network; and 

8 d) computer code for blocking instances of the malicious code at the remote 

9 locations for a predetermined amount of time based on the information; 

10 e) wherein the information is selected from the group consisting of a type, context, 

1 1 protocol, severity, reporting server, and IP address associated with the malicious 

12 code. 

19. A system for preventing an outbreak of malicious code, comprising: 

2 a) logic for identifying malicious code at a local location on a network; 

3 b) logic for encrypting information relating to the malicious code at the local 

4 location; 
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5 c) logic for sending the encrypted information relating to the malicious code to a 

6 plurality of remote locations utilizing the network; and 

7 d) logic for blocking instances of the malicious code at the remote locations for a 

8 predetermined amount of time based on the information; 

9 e) wherein the information is selected from the group consisting of a type, context, 

10 protocol, severity, reporting server, and IP address associated with the malicious 

1 1 code. 

1 1 0. A method for preventing an outbreak of malicious code, comprising: 

2 a) identifying malicious code at a local location on a network; 

3 b) gathering information relating to the malicious code at the local location; 

4 c) sending the information relating to the malicious code to a remote location 

5 utilizing the network; and 

6 d) blocking instances of the malicious code at the remote location; 

7 e) wherein the information is selected from the group consisting of a type, context, 

8 protocol, severity, reporting server, and source of the malicious code. 

1 11. The method as recited in claim 10, wherein the malicious code is at least one of 

2 a virus, worm, and Trojan. 

1 12. The method as recited in claim 10, wherein the instances of the malicious code 

2 are blocked at the remote location for a predetermined amount of time based on 

3 the information. 

1 13. The method as recited in claim 1 0, wherein the information relating to the 

2 malicious code includes an identification of the source of the malicious code, 

3 wherein communications originating at the identified source are denied access to 

4 the remote locations. 
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1 14. The method as recited in claim 10, further comprising registering a name of a 

2 file of the malicious code as a known threat. 

1 1 5 . The method as recited in claim 1 0, wherein the malicious code is recognized 

2 based at least in part on recognizing that a source of the malicious code is 

3 registered as a known threat. 

1 16. The method as recited in claim 1 0, further comprising executing 

2 countermeasures for limiting the effect of the malicious code at the local 

3 location. 

1 17. A computer program product for preventing an outbreak of malicious code, 

2 comprising: 

3 a) computer code for identifying malicious code at a local location on a network; 

4 b) computer code for gathering information relating to the malicious code at the 

5 local location; 

6 c) computer code for sending the information relating to the malicious code to a 

7 remote location utilizing the network; and 

8 d) computer code for blocking instances of the malicious code at the remote 

9 location; 

1 0 e) wherein the information is selected from the group consisting of a type, context, 

1 1 protocol, severity, reporting server, and source of the malicious code. 

1 18. A system for preventing an outbreak of malicious code, comprising: 

2 a) logic for identifying malicious code at a local location on a network; 

3 b) logic for gathering information relating to the malicious code at the local 

4 location; 
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5 c) logic for sending the information relating to the malicious code to a remote 

6 location utilizing the network; and 

7 d) logic for blocking instances of the malicious code the remote location; 

8 e) wherein the information is selected from the group consisting of a type, context, 

9 protocol, severity, reporting server, and source of the malicious code. 

1 19. A method for denying access to a hacker, comprising: 

2 a) identifying an attack by a hacker at a local location on a network; 

3 b) encrypting information relating to the attack at the local location; 

4 c) sending the encrypted information relating to the attack to a plurality of remote 

5 locations utilizing the network; and 

6 d) restricting access to the remote locations for a predetermined amount of time 

7 based on the information; 

8 e) wherein the information is selected from the group consisting of a type, context, 

9 protocol, severity, reporting server, and IP address associated with the attack. 

1 20. The method as recited in claim 19, wherein the attack attempts to create a denial 

2 of service. 

1 21 . The method as recited in claim 19, wherein the information relating to the attack 

2 includes an identification of the source of the attack, wherein communications 

3 originating at the identified source are denied access to the remote locations for 

4 the predetermined amount of time. 

1 22. The method as recited in claim 2 1 , further comprising registering the source of 

2 the attack as a known threat. 
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1 23. The method as recited in claim 19, wherein the attack is recognized based at 

2 least in part on recognizing that the source of the attack is registered as a known 

3 threat. 

1 24. The method as recited in claim 19, further comprising executing 

2 countermeasures for limiting the effect of the attack at the local location. 

1 25. The method as recited in claim 19, wherein additional information about the 

2 attack is retrieved if an aspect of the attack is not recognized. 

1 26. A computer program product for denying access to a hacker, comprising: 

2 a) computer code for identifying an attack by a hacker at a local location on a 

3 network; 

4 b) computer code for encrypting information relating to the attack at the local 



5 location; 

6 c) computer code for sending the encrypted information relating to the attack to a 

7 plurality of remote locations utilizing the network; and 

8 d) computer code for restricting access to the remote locations for a predetermined 

9 amount of time based on the information; 

10 e) for wherein the information is selected from the group consisting of a type, 

1 1 context, protocol, severity, reporting server, and IP address associated with the 

12 attack. 

1 27. A system for denying access to a hacker, comprising: 

2 a) logic for identifying an attack by a hacker at a local location on a network; 

3 b) logic for encrypting information relating to the attack at the local location; 

4 c) logic for sending the encrypted information relating to the attack to a plurality of 

5 remote locations utilizing the network; and 
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6 d) logic for restricting access to the remote locations for a predetermined amount of 

7 time based on the information; 

8 e) wherein the information is selected from the group consisting of a type, context, 

9 protocol, severity, reporting server, and IP address associated with the attack. 

1 28. A method for denying access to a hacker, comprising: 

2 a) identifying an attack by a hacker at a local location on a network; 

3 b) gathering information relating to the attack at the local location; 

4 c) sending the information relating to the attack to a remote location utilizing the 

5 network; and 

6 d) restricting access to the remote location; 

7 e) wherein the information is selected from the group consisting of a type, context, 

8 protocol, severity, reporting server, and source of the attack. 

1 29. The method as recited in claim 28, wherein the attack attempts to create a denial 

2 of service. 

1 30. The method as recited in claim 28, wherein the access to the remote location is 

2 restricted for a predetermined amount of time based on the information. 

1 31. The method as recited in claim 28, wherein the information relating to the attack 

2 includes an identification of the source of the attack, wherein communications 

3 originating at the identified source are denied access to the remote locations. 

1 32 The method as recited in claim 3 1 , further comprising registering the source of 

2 the attack as a known threat. 
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1 33. The method as recited in claim 28, wherein the attack is recognized based at 

2 least in part on recognizing that a source of the attack is registered as a known 

3 threat. 

1 34. The method as recited in claim 28, further comprising executing 

2 countermeasures for limiting the effect of the attack at the local location. 

1 35. A computer program product for denying access to a hacker, comprising: 

2 a) computer code for identifying an attack by a hacker at a local location on a 

3 network; 

4 b) computer code for gathering information relating to the attack at the local 

5 location; 

6 c) computer code for sending the information relating to the attack to a remote 

7 location utilizing the network; and 

8 d) computer code for restricting access to the remote location; 

9 e) wherein the information is selected from the group consisting of a type, context, 
10 protocol, severity, reporting server, and source of the attack. 

1 36. A system for denying access to a hacker, comprising: 

2 a) logic for identifying an attack by a hacker at a local location on a network; 

3 b) logic for gathering information relating to the attack at the local location; 

4 c) logic for sending the information relating to the attack to a remote location 

5 utilizing the network; and 

6 d) logic for restricting access to the remote location; 

7 e) wherein the information is selected from the group consisting of a type, context, 

8 protocol, severity, reporting server, and source of the attack. 

1 37. A method for preventing an outbreak of malicious code, comprising: 
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2 


a) 


identifying malicious code at a local location on a network; 


3 


b) 


wherein the malicious code is at least one of a virus, worm and, Trojan; 


4 


c) 


wherein the malicious code is recognized based at least in part on recognizing 


5 




that at least one of a checksum and a file name of the malicious code is 


6 




registered as a known threat; 


7 


d) 


encrypting information relating to the malicious code at the local location, 


8 




wherein the information is selected from the group consisting of a type, context, 


9 




protocol, severity, reporting server, and IP address associated with the malicious 


10 




code; 


11 


e) 


sending the encrypted information relating to the malicious code to a plurality of 


12 




remote locations utilizing the network; 


$ 13 


f) 


restricting access to the remote locations by communications originating at the 


I 14 




source of the malicious code for a predetermined amount of time based on the 


£ 15 




information; 


m 

m 16 


g) 


executing countermeasures for limiting the effect of the malicious code at the 






local location; and 


9 18 


h) 


retrieving additional information about the malicious code if an aspect of the 


iy 19 




attack is not recognized. 
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